Traditionally, authentication to a web service is performed through a web portal. The user commonly reaches the portal by directing a web browser to it via a Uniform Resource Locator (URL), which is a representation of the web portal's address, usually in a more human-readable form.
Authentication for the web portal usually requires the user to enter a unique combination of a username and a password that identifies that specific user. The web portal prompts the user for these credentials in a web-based form, which the browser renders from standards-based markup. The credentials are entered into the web browser subject to policy requirements that determine the number and type of characters required to access that web service. Longer alphanumeric character strings usually provide a stronger defense against brute-force computational attacks.
Because the HyperText Transfer Protocol (HTTP) is stateless, a user going from page to page in a web site would be treated as a completely new user on every request if there were no way to keep track of such movement. Session cookies enable web sites to keep track of the user's movement so that the user is not asked to re-enter information already given to the web site. A common use of such cookies is remembering selections from online catalogs, so that a shopping cart can retain items previously placed in it. Unlike persistent cookies, which remain stored on the user's computer after a browser session ends, session cookies are temporary and are erased when the browser is exited.
Session cookies, which are created after login to a web page completes, typically identify the user and carry other pertinent information about the browser session, such as a time stamp. Session cookies include hashes of the important login information rather than the sensitive information itself, such as the text of a password. One useful feature of a session cookie is that it provides everything needed to log in to a web page without the login credentials having to be re-entered.
Existing credential manager software typically allows a user to register, with the credential manager, the credentials for logging into a web site. Upon accessing the relevant web page, the credential manager injects the credentials into the web authentication form, using application programming interface (API) and software development kit (SDK) tools provided by the browser. The injection is typically done by a content script, usually JavaScript code, that the credential manager's browser extension injects into the web page. The content script runs in the user's browser and fills in the web form, possibly also submitting the form back to the web site automatically to complete the login.
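As an added illustration (not any credential manager's actual code), the logic below shows what such a content script must decide before filling a form: which input is the password field, which preceding input is the username field, and whether the page's origin exactly matches the origin the credential was registered for. The `fields` objects are constructed stand-ins for DOM `<input>` elements so the logic can run outside a browser; a real content script would build them from `document.querySelectorAll('input')` and compare against `window.location.origin`. The vault contents and hostnames are constructed sample data.

```javascript
// Added example: field selection and origin binding for a credential-manager
// content script. Each field is a plain object { type, name, autocomplete, value }
// standing in for a DOM <input> element (constructed for this example).

// Locate the password input and the nearest preceding text-like input,
// which is treated as the username field.
function findLoginFields(fields) {
  const pwIndex = fields.findIndex(f => (f.type || 'text').toLowerCase() === 'password');
  if (pwIndex < 0) return null;
  let username = null;
  for (let i = pwIndex - 1; i >= 0; i--) {
    const f = fields[i];
    const type = (f.type || 'text').toLowerCase();
    if (type === 'hidden' || type === 'submit' || type === 'checkbox') continue;
    if (type === 'text' || type === 'email' || f.autocomplete === 'username') {
      username = f;
      break;
    }
  }
  return { username, password: fields[pwIndex] };
}

// Fill the form only when the page origin (scheme + host + port) is exactly
// the origin the credential was registered under. A look-alike host or a
// plain-http copy of the site receives nothing.
function fillCredentials(pageOrigin, fields, vault) {
  const entry = vault.get(pageOrigin);
  if (!entry) return { filled: false, reason: 'no credential registered for this origin' };
  const target = findLoginFields(fields);
  if (!target) return { filled: false, reason: 'no password field on page' };
  if (target.username) target.username.value = entry.username;
  target.password.value = entry.password;
  return { filled: true, reason: null };
}

module.exports = { findLoginFields, fillCredentials };
```

In a browser extension, setting `value` is normally followed by dispatching `input` and `change` events so that the page's own scripts see the change; that step is omitted here because it has no meaning outside the DOM. The exact-origin lookup is the security-relevant part: it keeps the injected credentials from reaching any page other than the one they were registered for.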
There are also malicious programs that can detect when password information has been placed into the appropriate field of a login page. Such malware may listen for the user's entry of login information or for the injection of credentials by the credential manager.